Hello all,
I have a TDI driver in which I monitor all address and connection objects. When a VPN server is created in Windows Vista, I can see the creation of the corresponding TdiTransportAddress
for port 1723, but no TDI_SET_EVENT_HANDLER or TDI_LISTEN requests. How does it manage to listen for connections?
Thank you!
If you are referring to the PPTP (and perhaps L2TP too, I don’t remember)
based VPN facilities in Windows, I think you might find that they have a
common bug which when sending IRPs to \Device\Tcp they do not call
IoGetRelatedDeviceObject() and thus always send the IRP directly to
\Device\Tcp and *not* to any TDI filter.
So, all of you just waiting in the wings to tell this guy to hook the
dispatch entrypoints TCPIP.SYS can chime in now…
Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development
From:
Sent: Wednesday, November 28, 2007 12:06 PM
To: “Windows System Software Devs Interest List”
Subject: [ntdev] strange use of TdiTransportAddress by windows vpn server
> Hello all,
>
> I have a TDI driver in which I monitor all address and connection objects.
> When a VPN server is created in Windows Vista, I can see the creation of
> the corresponding TdiTransportAddress
> for port 1723, but no TDI_SET_EVENT_HANDLER or TDI_LISTEN requests. How
> does it manage to listen for connections?
>
> Thank you!
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
Humm…
On Vista and later TDI is deprecated. There are shims that provide some support for legacy TDI clients. However, TDI is not the mainline path for filtering above the new Vista TCP/IP implementation.
Use the new Windows Filtering Platform (WFP) instead of TDI filters on Vista and later platforms.
Good luck,
Thomas F. Divine
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-307213-
xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Wednesday, November 28, 2007 12:06 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] strange use of TdiTransportAddress by windows vpn
serverHello all,
I have a TDI driver in which I monitor all address and connection
objects. When a VPN server is created in Windows Vista, I can see the
creation of the corresponding TdiTransportAddress
for port 1723, but no TDI_SET_EVENT_HANDLER or TDI_LISTEN requests. How
does it manage to listen for connections?Thank you!
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Alas, RASPPTP.SYS on Vista still uses TDI and still fails to (or chooses
not to, who knows, maybe it is a ‘feature’) IoGetRelatedDeviceObject() when
it submits a TDI_SET_EVENT_HANDLER IRP.
But of course, Thomas is 100% right. On Vista, WFP is the way to go…
-dave
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
Sent: Wednesday, November 28, 2007 2:42 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] strange use of TdiTransportAddress by windows vpn
server
Humm…
On Vista and later TDI is deprecated. There are shims that provide some
support for legacy TDI clients. However, TDI is not the mainline path for
filtering above the new Vista TCP/IP implementation.
Use the new Windows Filtering Platform (WFP) instead of TDI filters on Vista
and later platforms.
Good luck,
Thomas F. Divine
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-307213-
xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Wednesday, November 28, 2007 12:06 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] strange use of TdiTransportAddress by windows vpn
serverHello all,
I have a TDI driver in which I monitor all address and connection
objects. When a VPN server is created in Windows Vista, I can see the
creation of the corresponding TdiTransportAddress for port 1723, but
no TDI_SET_EVENT_HANDLER or TDI_LISTEN requests. How does it manage to
listen for connections?Thank you!
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
I know about WFP, but it is not an option (yet). The driver is already written and it must run on Windows 2000 and XP, so, for now, I’m still stuck with TDI. Thank you all for answering.
I assume you see the very same behavior on Windows 2000 and Windows XP. Is
that right? I checked my notes on this and AFAIK, L2TP does *not* have
this issue but PPTP does. The PPTP TDI client has been around for a long
time (probably without any change) since NT4 days. I think it has always
had this behavior and thus been ‘unfilterable’ with a conventional TDI
(IoAttach…) filter. Who knows, maybe someone from US Robotics or the NT4
Steelhead folks will know why. The only ones I know of are VPs now and
probably don’t hang out answering techie questions anymore.
Good Luck,
-dave
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Wednesday, November 28, 2007 6:01 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] strange use of TdiTransportAddress by windows vpn server
I know about WFP, but it is not an option (yet). The driver is already
written and it must run on Windows 2000 and XP, so, for now, I’m still stuck
with TDI. Thank you all for answering.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer